I’ve been recently testing the viability of migrating our datacenter instances into an Amazon VPC/EC2 environment.

Due to the nature of Amazon’s NAT architecture, a few services need to be configured slightly different to work properly. I was experiencing issues connecting to the Pure-FTPd service on an instance running in VPC. I could connect just fine using ACTIVE mode in my FTP client but would continue getting rejected when trying to use PASSIVE mode.

I recently received an abuse email informing me that an node in my cluster was communicating brute force attacks to WordPress installations across the web.

I regularly check process logs and nothing out of the ordinary was present for the past few weeks but after a bit more digging I found an installation on a node that was running an old version of WordPress and had a theme installed that had been compromised. Obviously keeping your WordPress installation up to date is best practice, but in a real world scenario, users don’t always update or may feel overwhelmed about updating.

I want to share my experience of tracing the offending installation and provide the steps I took to alleviate the problem. These steps are reliant on the fact that you have a cPanel/WHM environment, although all steps could be accomplished directly through a CLI (Command Line Interface).

In a recent project, I made use of the built in WordPress Tag Cloud widget. The default widget gives you only a few options, none of which I found quite useful.

The project relied on the ability to be able to browse entries by tags and as a visual cue, I wanted to style the currently active tag. Most active list items that WordPress generates are conveniently tagged with a class identifier such as active or current. Unfortunately the Tag Cloud omits this feature.

Extending wp_tag_cloud(), here is a snippet that can be added to your theme’s functions.php file to add the functionality.